增加這個配置后,忽略http請求,然后在nginx -s reload
add_header Content-Security-Policy upgrade-insecure-requests;
server {
listen 443;
server_name localhost;
ssl on;
root html;
index index.html index.htm;
ssl_certificate /etc/ssl/certs/2906065_zxacn.com.pem;
ssl_certificate_key /etc/ssl/certs/2906065_zxacn.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
add_header Content-Security-Policy upgrade-insecure-requests;
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://localhost:8090;
}
}
在我們服務器的響應頭中加入:header("Content-Security-Policy: upgrade-insecure-requests");頁面是 https 的,而這個頁面中包含了大量的 http 資源(圖片、iframe等),頁面一旦發現存在上述響應頭,會在加載 http 資源時自動替換成 https 請求。